IIS Reset thru Web access denied in Window 2003

[Royston]

I tried to reset IIS thru Web using the following code

ProcessStartInfo si = new ProcessStartInfo("cmd.exe");
// Redirect both streams so we can write/read them.
si.RedirectStandardInput = true;
si.RedirectStandardOutput = true;
si.UseShellExecute = false;
// Start the procses.
Process p = Process.Start(si);
p.StandardInput.WriteLine("iisreset","/restart");
p.StandardInput.WriteLine("exit");
// Read all the output generated from it.
string output = p.StandardOutput.ReadToEnd();

StreamWriter writer = new StreamWriter(alertLog, true, Encoding.UTF8);
writer.WriteLine(DateTime.Now + ": \"" + output);
writer.Close();

The code work in Windows 2000 server, the output is
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

but when I run the code in Windows 2003 Enterprise Edition, the iisreset
don't work and I get
1/12/2005 3:33:24 PM: "Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

c:\windows\system32\inetsrv>iisreset

Access denied, you must be an administrator of the remote computer to use
this

command. Either have your account added to the administrator local group of

the remote computer or to the domain administrator global group.


c:\windows\system32\inetsrv>exit

Do anyone know how to solve this?

 

[Joe Kaplan \(MVP - ADSI\)]

Are you sure the current ASP.NET worker process is running as an
administrator? That seems like the most likely cause of the problem.

Under 2003, they are usually run under NETWORK SERVICE.

Joe K.

 

[Royston]

I have found that this method will not work as when System.Diagnostics start
a new process, the process always inherits the security context of the
parent process. Even if the ASP.NET thread invoking the Start method is
impersonating a client, the Process still starts with the ASP.NET worker
process credentials

I have worked around this using DuplicateTokenEx & CreateProcessAsUser win32
api (refer to http://odetocode.com/Blogs/scott/archive/2004/10/28/602.aspx).
However, this solution work in window 2003 but fail in window 2000 (I get
1314 error when running this on a Window 2000 machine)

 

[Joe Kaplan \(MVP - ADSI\)]

Right, the 1314 is something like "a needed privilege is not held by the
client". This is because you need to have the SE_TCB_NAME privilege to call
LogonUser or CreateProcessAsUser under Windows 2000, and generally that is
only given to the SYSTEM account.

This is a very common issue on Windows 2000.

Joe K.

I have found that this method will not work as when System.Diagnostics
start
a new process, the process always inherits the security context of the
parent process. Even if the ASP.NET thread invoking the Start method is
impersonating a client, the Process still starts with the ASP.NET worker
process credentials

I have worked around this using DuplicateTokenEx & CreateProcessAsUser
win32
api (refer to
http://odetocode.com/Blogs/scott/archive/2004/10/28/602.aspx).
However, this solution work in window 2003 but fail in window 2000 (I get
1314 error when running this on a Window 2000 machine)

I tried to reset IIS thru Web using the following code

ProcessStartInfo si = new ProcessStartInfo("cmd.exe");
// Redirect both streams so we can write/read them.
si.RedirectStandardInput = true;
si.RedirectStandardOutput = true;
si.UseShellExecute = false;
// Start the procses.
Process p = Process.Start(si);
p.StandardInput.WriteLine("iisreset","/restart");
p.StandardInput.WriteLine("exit");
// Read all the output generated from it.
string output = p.StandardOutput.ReadToEnd();

StreamWriter writer = new StreamWriter(alertLog, true, Encoding.UTF8);
writer.WriteLine(DateTime.Now + ": \"" + output);
writer.Close();

The code work in Windows 2000 server, the output is
Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

but when I run the code in Windows 2003 Enterprise Edition, the iisreset
don't work and I get
1/12/2005 3:33:24 PM: "Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

c:\windows\system32\inetsrv>iisreset

Access denied, you must be an administrator of the remote computer to use
this

command. Either have your account added to the administrator local group of

the remote computer or to the domain administrator global group.


c:\windows\system32\inetsrv>exit

Do anyone know how to solve this?